Opera: Multiple vulnerabilities
— GLSA 200708-17

Opera contain several vulnerabilities, some of which may allow the
execution of arbitrary code.

Affected Packages

Package

www-client/opera on all architectures

Affected versions

< 9.23

Unaffected versions

>= 9.23

Background

Opera is a multi-platform web browser.

Description

An error known as "a virtual function call on an invalid pointer" has
been discovered in the JavaScript engine (CVE-2007-4367). Furthermore,
iDefense Labs reported that an already-freed pointer may be still used
under unspecified circumstances in the BitTorrent support
(CVE-2007-3929). At last, minor other errors have been discovered,
relative to memory read protection (Opera Advisory 861) and URI
displays (CVE-2007-3142, CVE-2007-3819).

Impact

A remote attacker could trigger the BitTorrent vulnerability by
enticing a user into starting a malicious BitTorrent download, and
execute arbitrary code through unspecified vectors. Additionally, a
specially crafted JavaScript may trigger the "virtual function"
vulnerability. The JavaScript engine can also access previously freed
but uncleaned memory. Finally, a user can be fooled with a too long
HTTP server name that does not fit the dialog box, or a URI containing
whitespaces.

Workaround

There is no known workaround at this time for all these
vulnerabilities.